Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-07-23
Direct file access lets users open files that are attached to e-mail messages and files that are stored in Windows file shares. You can manage direct file access for Microsoft Office Outlook Web App in Microsoft Exchange Server 2010 for both public and private computers.
By default, public computer direct file access is enabled for new installations and upgrades of Outlook Web App. Therefore, when users in your organization select This is a public or shared computer or This is a private computer on the Outlook Web App sign-in page, they will be able to access files that are attached to e-mail messages.
When you enable private or public computer file access for users, you can use the EMC to specify individual file types and MIME types. The following table lists the file name extensions and MIME types that, by default, are set to Allow, Block, or Force Save for the \owa virtual directory.
- Allow File and MIME types in the Allow
list can be opened from Outlook Web App if the application that's
needed to open the files is installed on the client computer. Allow
overrides Block and Force Save.
- Block File and MIME types in the Block
list can't be opened. Block overrides Force Save and is overridden
by Allow.
- Force Save File and MIME types in the
Force Save list must be saved to the client computer before they
can be opened. Force Save is overridden by Allow and Block.
Note: Although it appears that you can set the values for private and public computer access individually, you can't. When you specify behavior for private access, you also set it for public access.
Default file name extensions and MIME values for the Allow, Block, and Force Save settings for the \owa virtual directory
Option | Description | Default file name extensions | Default MIME types |
---|---|---|---|
Allow |
This option specifies the file types that are always enabled for direct file access. |
.rpmsg, .xlsx, .xlsm, .xlsb, .pptx, .pptm, .ppsx, .ppsm, .docx, .docm, .xls, .wmv, .wma, .wav, vsd, .txt, .tif, .rtf, .pub, .ppt, .png, .pdf, .one, .mp3, .jpeg, .gif, .doc, .bmp, .avi |
image/jpeg, image/png, image/gif, image/bmp |
Block |
This option specifies the file types that are always blocked from direct file access. |
.ade, .adp, .asx, .app, .asp, .aspx, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .csh, .dir, .dcr, .der, .exe, .fxp, .hlp, .hta, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc,.msh, .msh1, .mshxml, .msh1xml, .msi, .msp,.mst, .ops, .pcd, .pif, .plg, .prf,.prg, .ps1, .ps2, .psc1, .psc2, .ps1xml, .ps2xml, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .spl, .swf, .tmp, .url, .vb, .vbe, .vbs, .vsmacros, .vss, .vst, .vsw, .ws, .wsc, .wsf, .wsh, .xml |
application/x-javascript, application/javascript, application/msaccess, x-internet-signup, text/javascript, application/prg, application/hta, text/scriptlet |
Force Save |
This option specifies the files that users can access only after they've saved them to the local computer. |
.vsmacros, .mshxml, .aspx, .xml, .wsh, .wsf, .wsc, .vsw, .vst, .vss, .vbs, .vbe, .url, .tmp, .swf, .spl, . shs, .shb, .sct, .scr, .scf, .reg, .pst, .prg, .prf, .plg, .pif, .pcd, .ops, .mst, .msp, .msi, .msh, .msc, .mdz, .mdw, .mdt, .mde, .mdb, .mda, .maw, .mav, .mau, .mat, .mas, .mar, .maq, .mam, .mag, .maf, .mad, .lnk, .ksh, .jse, .its, .isp, .ins, .inf, .hta, .hlp, .fxp, .exe, .dir, .dcr, .csh, .crt, .cpl, .com, .cmd, .chm, .cer, .bat, .bas, .asx, .asp, .app, .adp, .ade, .ws, .vb, .js |
Application/x-shockwave-flash, Application/octet-stream, Application/futuresplash, Application/x-director, Application/xml, text/xml |
There is also a default setting for unknown file types. You can set the setting for unknown file types to one of the following values:
- Allow
- Block
- Force Save
Note: |
---|
By default, attachment types that are marked as Force
Save will be excluded from security checks for XML or HTML. You
can change this behavior by setting the
ForceSaveAttachmentFilteringEnabled parameter to
$true by using either the Set-OwaMailboxPolicy
or the Set-OwaVirtualDirectory
cmdlet. |
Looking for other management tasks related to accessing files from Outlook Web App? Check out Managing File and Data Access for Outlook Web App.
Use the EMC to configure direct file access policy settings for Outlook Web App
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.
- In the console tree, navigate to Server Configuration
> Client Access.
- In the action pane, in Outlook Web App, click
Properties.
- On the Outlook Web App Properties page, click either the
Public Computer File Access tab or the Private Computer
File Access tab.
- Under Direct file access, select the check box next to
Enable direct file access to let users download
attachments.
- To modify the types of attachments that you want users to be
able to access, click Customize next to Customize direct
file access.
- On the Direct File Access Settings page, do one of the
following:
- To set the file types and MIME types that you want users to
access, click Allow, and then set the file name extensions
and MIME values on the Allow List page.
- To set the file types and MIME types that you want to block
users from accessing, click Block, and then and set the file
name extensions and MIME values on the Block List page.
- To set the file types and MIME types that you want to force
users to save before they access them, click Force Save, and
then set the file name extensions and MIME values on the Force
Save List page.
- For unknown file types, select an option from the list in the
Unknown Files box. Select Allow, Block, or
Force Save.
- To set the file types and MIME types that you want users to
access, click Allow, and then set the file name extensions
and MIME values on the Allow List page.
- Click OK to save your settings.
Use the Shell to configure attachments policy settings for Outlook Web App
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.
This example prevents users on public computers from downloading files.
Copy Code | |
---|---|
Set-OwaVirtualDirectory -identity "owa (Default Web Site)" -DirectFileAccessOnPublicComputersEnabled $false |
For more information about syntax and parameters, see Set-OwaVirtualDirectory.
Other Tasks
After you configure direct file access, you may also want to: